Skip to content
CVSS 8.8 · HIGH

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Ver en NVD

Análisis

This vulnerability affects a specific model of Totolink consumer routers through a command injection flaw. It is categorized as vendor-specific firmware for hardware that is not part of the standard software development or server infrastructure stack used by the community.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-74CWE-77

EPSS

Probabilidad de explotación (próx. 30 días): 0.0116 (1.2%)
Percentil: 78.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Publicada: 1/5/2026, 3:16:01
Última modificación: 1/5/2026, 15:26:24

Referencias

InicioEventosBlogRecursosEquipo